Policy


Crypto scammers posing as real brands on X are easily hacking YouTubers

“I’m fighting with Google now,” Townsend told Ars. “I don’t expect any real answers from them.”

How YouTubers can avoid being targeted

As YouTube appears evasive, Townsend has been grateful for long-time subscribers commenting to show support, which may help get his videos amplified more by the algorithm. On YouTube, he also said that because “the outpouring of support was beyond anything” he could’ve expected, it kept him “sane” through sometimes 24-hour periods of silence without any updates on when his account would be restored.

Townsend told Ars that he rarely does sponsorships, but like many in the fighting game community, his inbox gets spammed with offers constantly, many of which he assumes are scams.

“If you are a YouTuber of any size,” Townsend explained in his YouTube video, “you are inundated with this stuff constantly,” so “my BS detector is like, okay, fake, fake, fake, fake, fake, fake, fake. But this one just, it looked real enough, like they had their own social media presence, lots of followers. Everything looked real.”

Brian_F echoed that in his video, which breaks down how the latest scam evolved from more obvious scams, tricking even skeptical YouTubers who have years of experience dodging phishing scams in their inboxes.

“The game has changed,” Brian_F said.

Townsend told Ars that sponsorships are rare in the fighting game community. YouTubers are used to carefully scanning supposed offers to weed out the real ones from the fakes. But Brian_F’s video pointed out that scammers copy/paste legitimate offer letters, so it’s already hard to distinguish between potential sources of income and cleverly masked phishing attacks using sponsorships as lures.

Part of the vetting process includes verifying links without clicking through and verifying identities of people submitting supposed offers. But if YouTubers are provided with legitimate links early on, receiving offers from brands they really like, and see that contacts match detailed LinkedIn profiles of authentic employees who market the brand, it’s much harder to detect a fake sponsorship offer without as many obvious red flags.


US temporarily bans drones in parts of NJ, may use “deadly force” against aircraft

The Federal Aviation Administration temporarily banned drones over parts of New Jersey yesterday and said “the United States government may use deadly force against” airborne aircraft “if it is determined that the aircraft poses an imminent security threat.”

The FAA issued 22 orders imposing “temporary flight restrictions for special security reasons” until January 17, 2025. “At the request of federal security partners, the FAA published 22 Temporary Flight Restrictions (TFRs) prohibiting drone flights over critical New Jersey infrastructure,” an FAA statement said.

Each NOTAM (Notice to Air Missions) affects a specific area. “No UAS [Unmanned Aircraft System] operations are authorized in the areas covered by this NOTAM” unless they have clearance for specific operations, the FAA said. Allowed operations include support for national defense, law enforcement, firefighting, and commercial operations “with a valid statement of work.”

“Pilots who do not adhere to the following proc[edure] may be intercepted, detained and interviewed by law enforcement/security personnel,” the FAA said. Violating the order could result in “civil penalties and the suspension or revocation of airmen certificates,” and criminal charges, the FAA said.

The New Jersey orders affect areas in Evesham, Hamilton, Bridgewater, Cedar Grove, Metuchen, North Brunswick Township, Camden, Gloucester City, Westampton, South Brunswick, Edison, Branchburg, Sewaren, Jersey City, Harrison, Elizabeth, Bayonne, Winslow, Burlington, Clifton, Hancocks Bridge, and Kearny.

5,000 tips to FBI, but nothing “anomalous”

The latest notices follow numerous sightings of objects that appeared to be drones, which worried New Jersey residents and prompted state and federal officials to investigate and issue several public statements. The FAA last month imposed temporary flight restrictions at the Picatinny Arsenal, an Army research and manufacturing facility, and a Bedminster golf course owned by President-elect Donald Trump.

On December 16, a joint statement was issued by the US Department of Homeland Security, the FBI, the FAA, and Department of Defense. The “FBI has received tips of more than 5,000 reported drone sightings in the last few weeks with approximately 100 leads generated,” but evidence so far suggests “the sightings to date include a combination of lawful commercial drones, hobbyist drones, and law enforcement drones, as well as manned fixed-wing aircraft, helicopters, and stars mistakenly reported as drones,” the statement said. “We have not identified anything anomalous and do not assess the activity to date to present a national security or public safety risk over the civilian airspace in New Jersey or other states in the northeast.”


Amazon’s RTO delays exemplify why workers get so mad about mandates

Concern about RTO planning is underscored by Amazon reportedly lacking enough space for its current in-office policy. Bloomberg said that “in recent interviews, employees complained of working from shared desks, crowded corporate canteens, and a lack of conference rooms for confidential calls or team meetings.”

The publication also pointed to employee displeasure with having to work in an office full-time when other tech firms have more lax policies. This could result in Amazon losing some of its best talent. Per the study from the University of Pittsburgh, Baylor University, The Chinese University of Hong Kong, and Cheung Kong Graduate School of Business researchers, senior, skilled workers are more likely to depart a company over an RTO mandate because they have “more connections with other companies.”

Employees eyeing greener pastures could put Amazon at risk of losing some of its most experienced employees. That also reportedly happened to Apple, Microsoft, and SpaceX following their RTO mandates, per a May study from University of Chicago and University of Michigan researchers (PDF). Following Amazon’s RTO announcement, 73 percent of 2,285 workers that Blind surveyed said they were “considering looking for another job” due to the rule change.

Finally, banning remote work while giving workers a few months to figure out how to adjust resulted in a lot of negative discourse, including Garman reportedly telling workers that if they don’t work well in offices, “that’s okay; there are other companies around.” As the November RTO study put it:

“An RTO announcement can be a big and sudden event that is distasteful to most employees, especially when the decision has not been well communicated, potentially triggering an immediate response of employees searching for and switching to new jobs.”

If Amazon had communicated RTO dates with greater accuracy once office plans were finalized, it could have alleviated some of the drama that followed the announcement and the negative impact that had on employee morale.

For its part, Amazon has instituted a tool for reserving conference rooms, which requires workers to commit to using the space so it’s not wasted, Bloomberg reported.

But with companies now having had years to plot their RTO approaches, employees are expecting more accurate communication and smooth transitions that align with their respective department’s culture. Amazon’s approach missed those marks.


$2 per megabyte: AT&T mistakenly charged customer $6,223 for 3.1GB of data

An AT&T customer who switched to the company’s FirstNet service for first responders got quite the shock when his bill came in at $6,223.60, instead of the roughly $260 that his four-line plan previously cost each month.

The Texas man described his experience in a now-deleted Reddit post three days ago, saying he hadn’t been able to get the obviously incorrect bill reversed despite calling AT&T and going to an AT&T store in Dallas. The case drew plenty of attention and the bill was finally wiped out several days after the customer contacted the AT&T president’s office.

The customer said he received the billing email on December 11. An automatic payment was scheduled for December 15, but he canceled the autopay before the money was charged. The whole mess took a week to straighten out.

“I have been with AT&T for over a decade and I have always had unlimited plans so I knew this was a mistake,” he wrote. “The only change I have made to my account is last month I moved my line over to FirstNet. I am a first responder and I was told my price per month would actually go down a few dollars a month.”

“We have apologized for the inconvenience”

AT&T confirmed to Ars today that it “straightened out the customer’s bill.”

“We understand how frustrating this must have been for [the customer] and we have apologized for the inconvenience. We have resolved his concerns about his bill and are investigating to determine what caused this system error,” an AT&T spokesperson told Ars.

The customer posted screenshots of his bill, which helpfully pointed out, “Your bill increased $5,956.92” since the previous month. It included a $5.73 “discount for first responder appreciation,” but that wasn’t enough to wipe out a $6,194 line item listed as “Data Pay Per use 3,097MB at $2.00 per MB.”


Supreme Court to decide if TikTok should be banned or sold

While the controversial US law doesn’t necessarily ban TikTok, it does seem designed to make TikTok “go away,” Greene said, and such a move to interfere with a widely used communications platform seems “unprecedented.”

“The TikTok ban itself and the DC Circuit’s approval of it should be of great concern even to those who find TikTok undesirable or scary,” Greene said in a statement. “Shutting down communications platforms or forcing their reorganization based on concerns of foreign propaganda and anti-national manipulation is an eminently anti-democratic tactic, one that the US has previously condemned globally.”

Greene further warned that the US “cutting off a tool used by 170 million Americans to receive information and communicate with the world, without proving with evidence that the tools are presently seriously harmful” would “greatly” lower “well-established standards for restricting freedom of speech in the US.”

TikTok partly appears to be hoping that President-elect Donald Trump will disrupt enforcement of the law, but Greene said it remains unclear if Trump’s plan to “save TikTok” might just be a plan to support a sale to a US buyer. At least one former Trump ally, Steven Mnuchin, has reportedly expressed interest in buying the app.

For TikTok, putting pressure on Trump will likely be the next step, “if the Supreme Court ever says, ‘we agree the law is valid,’” Greene suggested.

“Then that’s it,” Greene said. “There’s no other legal recourse. You only have political recourses.”

Like other civil rights groups, the EFF plans to remain on TikTok’s side as the SCOTUS battle starts.

“We are pleased that the Supreme Court will take the case and will urge the justices to apply the appropriately demanding First Amendment scrutiny,” Greene said.


TP-Link faces possible US ban as hijacked routers fuel Chinese attacks

Chinese hackers use botnet of TP-Link routers

Microsoft warned on October 31 that hackers working for the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices for attacks on users of Microsoft’s Azure cloud service. Microsoft said that “SOHO routers manufactured by TP-Link make up most of this network,” referring to routers for small offices and home offices.

The WSJ said its sources allege that “TP-Link routers are routinely shipped to customers with security flaws, which the company often fails to address” and that “TP-Link doesn’t engage with security researchers concerned about them.” The article notes that “US officials haven’t disclosed any evidence that TP-Link is a witting conduit for Chinese state-sponsored cyberattacks.”

We contacted TP-Link today and will update this article if it provides a response. A TP-Link spokesperson told the WSJ that the company “welcome[s] any opportunities to engage with the US government to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the US market, US consumers, and addressing US national security risks.”

A March 2024 Hudson Institute policy memo by Michael O’Rielly, a former Federal Communications Commission member, said it remained “unclear how prevalent TP-Link’s vulnerabilities are compared to other wireless routers—from China or elsewhere—as there is no definitive comparison or ranking of routers based on security.” O’Rielly urged federal agencies to “keep track of TP-Link and other manufacturers’ cybersecurity practices and ownership structure, including any ties to the Chinese government,” but said “there is no evidence to suggest negligence or maliciousness with regard to past vulnerabilities or weaknesses in TP-Link’s security.”

New push against Chinese tech

TP-Link routers don’t seem to be tied to an ongoing Chinese hack of US telecom networks, dubbed Salt Typhoon. But that attack increased government officials’ urgency for taking action against Chinese technology companies. For example, the Biden administration is “moving to ban the few remaining operations of China Telecom,” a telco that was mostly kicked out of the US in 2021, The New York Times reported on Monday.


Companies issuing RTO mandates “lose their best talent”: Study


Despite the risks, firms and Trump are eager to get people back into offices.

Return-to-office (RTO) mandates have caused companies to lose some of their best workers, a study tracking over 3 million workers at 54 “high-tech and financial” firms in the S&P 500 index has found. These companies also have greater challenges finding new talent, the report concluded.

The paper, Return-to-Office Mandates and Brain Drain [PDF], comes from researchers from the University of Pittsburgh, as well as Baylor University, The Chinese University of Hong Kong, and Cheung Kong Graduate School of Business. The study was published in November, was spotted this month by human resources publication HR Dive, and cites Ars Technica reporting. It was conducted by collecting information on RTO announcements and sourcing data from LinkedIn. The researchers said they only examined companies with data available for at least two quarters before and after they issued RTO mandates. The researchers explained:

To collect employee turnover data, we follow prior literature … and obtain the employment history information of over 3 million employees of the 54 RTO firms from Revelio Labs, a leading data provider that extracts information from employee LinkedIn profiles. We manually identify employees who left a firm during each period, then calculate the firm’s turnover rate by dividing the number of departing employees by the total employee headcount at the beginning of the period. We also obtain information about employees’ gender, seniority, and the number of skills listed on their individual LinkedIn profiles, which serves as a proxy for employees’ skill level.

There are limits to the study, however. The researchers noted that the study “cannot draw causal inferences based on our setting.” Further, smaller firms and firms outside of the high-tech and financial industries may show different results. Although not mentioned in the report, relying on data from a social media platform could also yield inaccuracies, and the number of skills listed on a LinkedIn profile may not accurately depict a worker’s skill level.

Still, the study provides insight into how employees respond to RTO mandates and the effect it has on corporations and available talent at a time when entities like Dell, Amazon, and the US government are getting stricter about in-office work.

Higher turnover rates

The researchers concluded that the average turnover rates for firms increased by 14 percent after issuing return-to-office policies.

“We expect the effect of RTO mandates on employee turnover to be even higher for other firms,” the paper says.

The researchers included testing to ensure that the results stemmed from RTO mandates “rather than time trends.” For example, the researchers found that “there were no significant increases in turnover rates during any of the five quarters prior to the RTO announcement quarter.”

Potentially alarming for employers is the study finding that senior and skilled employees were more likely to leave following RTO mandates. This aligns with a study from University of Chicago and University of Michigan researchers published in May that found that Apple and Microsoft saw senior-level employee bases decrease by 5 percentage points and SpaceX a decrease of 5 percentage points. (For its part, Microsoft told Ars that the report did not align with internal data.)

Senior employees are expected to be more likely to leave, the new report argues, because such workers have “more connections with other companies” and have easier times finding new jobs. Further, senior, skilled employees are “dissatisfied” when management blames remote work for low productivity.

Similarly, the report supports concerns from some RTO-resistant employees that back-to-office mandates have a disproportionate impact on certain groups, like women, which the researchers said show “more pronounced” attrition rates following RTO mandates:

Importantly, the effect on female employee turnover is almost three times as high as that on male employees … One possible reason for these results is that female employees are more affected by RTO mandates due to their greater family responsibilities, which increases their demand for workplace flexibility and work-life balance.

Trouble finding talent

RTO mandates also have a negative impact on companies’ ability to find new employees, the study found. After examining over 2 million job postings, the researchers concluded that companies with RTO mandates take longer to fill job vacancies than before:

On average, the time it takes for an RTO firm to fill its job vacancies increases by approximately 23 percent, and the hire rate decreases by 17 percent after RTO mandates.

The researchers also found “significantly higher hiring costs induced by RTO mandates” and concluded that the findings combined “suggest that firms lose their best talent after RTO mandates and face significant difficulties replacing them.”

“The weakest form of management”

RTO mandates can obviously drive away workers who prioritize work-life balance, avoiding commutes and associated costs, and who feel more productive working in a self-controlled environment. The study, however, points to additional reasons RTO mandates make some people quit.

One reason cited is RTO rules communicating “a culture of distrust that encourages management through monitoring.” The researchers noted that Brian Elliott, CEO at Work Forward and a leadership adviser, described this as the “weakest form of management—and one that drives down employee engagement” in a November column for MIT Sloan Management Review.

Indeed, RTO mandates have led to companies like Dell performing VPN tracking, and companies like Amazon, Google, JP Morgan Chase, Meta, and TikTok reportedly tracking badge swipes, resulting in employee backlash.

The new study also pointed to RTO mandates making employees question company leadership and management’s decision-making abilities. We saw this with Amazon, when over 500 employees sent a letter to Amazon Web Services (AWS) CEO Matt Garman, saying that they were “appalled to hear the non-data-driven explanation you gave for Amazon imposing a five-day in-office mandate.”

Employees are also put off by the drama that follows an aggressive RTO policy, the report says:

An RTO announcement can be a big and sudden event that is distasteful to most employees, especially when the decision has not been well communicated, potentially triggering an immediate response of employees searching for and switching to new jobs.

After Amazon announced it would kill remote work in early 2025, a study by online community Blind found that 73 percent of 2,285 Amazon employees surveyed were “considering looking for another job” in response to the mandate.

“A wave of voluntary terminations”

The paper points to reasons that employees may opt to stay with a company post-RTO mandates. Those reasons include competitive job markets, personal costs associated with switching jobs, loyalty, and interest in the collaborative and social aspects of working in-office.

However, with the amount of evidence that RTO mandates drive employees away, some question if return-to-office mandates are subtle ways to reduce headcount without layoffs. Comments like AWS’s Garman reportedly telling workers that if they don’t like working in an office, “there are other companies around” have fueled this theory, as has Dell saying remote workers can’t get promoted. A BambooHR survey of 1,504 full-time US employees, including 504 HR managers or higher, in March found that 25 percent of VP and C-suite executives and 18 percent of HR pros examined “admit they hoped for some voluntary turnover during an RTO.”

Yesterday, President-elect Donald Trump said he plans to do away with a deal that allowed the Social Security Administration’s union to work remotely into 2029 and that those who don’t come back into the office will “be dismissed.” Similarly, Elon Musk and Vivek Ramaswamy, who Trump announced will head a new Department of Government Efficiency, wrote in a November op-ed that “requiring federal employees to come to the office five days a week would result in a wave of voluntary terminations that we welcome.”

Helen D. (Heidi) Reavis, managing partner at Reavis Page Jump LLP, an employment, dispute resolution, and media law firm, previously told Ars that employers “can face an array of legal consequences for encouraging workers to quit via their RTO policies.” Still, RTO mandates are set to continue being a point of debate and tension at workplaces into the new year.


Scharon is Ars Technica’s Senior Product Reviewer writing news, reviews, and analysis on consumer technology, including laptops, mechanical keyboards, and monitors. She’s based in Brooklyn.


Big loss for ISPs as Supreme Court won’t hear challenge to $15 broadband law

The Supreme Court petition was filed by the New York State Telecommunications Association, CTIA-The Wireless Association, NTCA-The Rural Broadband Association, USTelecom, ACA Connects-America’s Communications Association, and the Satellite Broadcasting and Communications Association. Cable lobby group NCTA filed a brief supporting the petition.

New York Attorney General Letitia James defended the state law in a Supreme Court brief filed in October. The brief said that when New York enacted its law, the Pai-era FCC “had classified broadband as an information service subject to Title I of the Communications Act. Under Title I, Congress gave the FCC only limited regulatory authority—leaving ample room for States to regulate information services.”

Multiple appeals courts have found “that federal law does not broadly preempt state regulations of Title I information services,” and “Congress has expressed no intent—much less the requisite clear and manifest intent—to preempt state regulation of Title I information services,” the New York brief said. “Applicants’ field preemption claim fails because, far from imposing a pervasive federal regulatory regime on Title I information services, Congress instead gave the FCC only limited authority over information services. Congress thus left the States’ traditional police powers over information services largely untouched.”

Law requires $15 price, or $20 for higher speeds

It’s unclear when New York might start enforcing its law. The state law was approved in 2021 and required ISPs to offer $15 broadband plans with download speeds of at least 25Mbps, with the $15 being “inclusive of any recurring taxes and fees such as recurring rental fees for service provider equipment required to obtain broadband service and usage fees.”

The law also said ISPs could instead choose to comply by offering $20-per-month service with 200Mbps speeds. Price increases would be capped at 2 percent per year, and state officials would periodically review whether minimum required speeds should be raised.

Residents who meet income eligibility requirements would qualify for the plans. ISPs with 20,000 or fewer subscribers would be allowed to apply for exemptions from the law.

The New York attorney general’s Supreme Court brief argued that public-interest factors “weigh heavily in favor of allowing” the law, and that it won’t create the economic problems that telco groups warned of. “The three largest broadband providers in New York are already offering an affordable broadband product to low-income consumers irrespective of the ABA, and smaller broadband providers can seek an exemption from the ABA’s requirements,” the brief said.


Facing ban next month, TikTok begs SCOTUS for help

TikTok: Ban is slippery slope to broad US censorship

According to TikTok, the government’s defense of the ban to prevent China from wielding a “covert” influence over Americans is a farce invented by lawyers to cover up the true mission of censorship. If the lower court’s verdict stands, TikTok alleged, “then Congress will have free rein to ban any American from speaking simply by identifying some risk that the speech is influenced by a foreign entity.”

TikTok doesn’t want to post big disclaimers on the app warning of “covert” influence, claiming that the government relied on “secret evidence” to prove this influence occurs on TikTok. But if the Supreme Court agrees that the government needed to show more than “bare factual assertions” to back national security claims the lower court said justified any potential speech restrictions, then the court will also likely agree to reverse the lower court’s decision, TikTok suggested.

It will become much clearer by January 6 whether the January 19 ban will take effect, at which point TikTok would shut down, booting all US users from the app. TikTok urged the Supreme Court to agree it is in the public interest to delay the ban and review the constitutional claims to prevent any “extreme” harms to both TikTok and US users who depend on the app for news, community, and income.

If SCOTUS doesn’t intervene, TikTok said that the lower court’s “flawed legal rationales would open the door to upholding content-based speech bans in contexts far different than this one.”

“Fearmongering about national security cannot obscure the threat that the Act itself poses to all Americans,” TikTok alleged, while suggesting that even Congress would agree that a “modest delay” in enforcing the law wouldn’t pose any immediate risk to US national security. Congress is also aware that a sale would not be technically, commercially, or legally possible in the timeframe provided, TikTok said. A temporary injunction would prevent irreparable harms, TikTok said, including the irreparable harm courts have long held is caused by restricting speech of Americans for any amount of time.

“An interim injunction is also appropriate because it will give the incoming Administration time to determine its position, as the President-elect and his advisors have voiced support for saving TikTok,” TikTok argued.

Ars could not immediately reach TikTok for comment.


In IT? Need cash? Cybersecurity whistleblowers are earning big payouts.

Matthew Decker is the former chief information officer for Penn State University’s Applied Research Laboratory. As of October, he’s also $250,000 richer.

In his Penn State position, Decker was well placed to see that the university was not implementing all of the cybersecurity controls that were required by its various contracts with NASA and the Department of Defense (DoD). It did not, for instance, use an external cloud services provider that met the DoD’s security guidelines, and it fudged some of the self-submitted “scores” it made to the government about Penn State’s IT security.

So Decker sued the school under the False Claims Act, which lets private individuals bring cases against organizations on behalf of the government if they come across evidence of wrongdoing related to government contracts. In many of these cases, the government later “intervenes” to assist with the case (as it did here), but whether it does so or not, whistleblowers stand to collect a percentage of any fines if they win.

In October, Penn State agreed to a $1.25 million settlement with the government; Decker got $250,000 of the money.

On the regular

This now happens in IT with some regularity. In November, Dell, Dell Federal Systems, and Iron Bow Technologies settled with the government for $4.3 million over claims that they “violated the False Claims Act by submitting and causing the submission of non-competitive bids to the Army and thereby overcharging the Army under the Army Desktop and Mobile Computing 3 (ADMC-3) contract.”

But once again, this wasn’t something the government uncovered on its own; a whistleblower named Brent Lillard, who was an executive at another company in the industry, brought the initial complaint. For his work, Lillard just made $345,000.

In early December, Gen Digital (formerly Symantec) paid a much larger fee—$55.1 million—after losing a trial in 2022. Gen Digital/Symantec was found liable for charging the government higher prices than it charged to companies.

Once again, the issue was brought to light by a whistleblower, Lori Morsell, who oversaw the contract for Gen Digital/Symantec. Morsell’s award has not yet been determined by the court, but given the amount of the payout, it should be substantial.

False Claims Act goes digital

Due to the complexity of investigating—or even finding out about—technical failures and False Claims Act cases from the outside of an organization, the government has increasingly relied on whistleblowers to kick-start these sorts of IT cases.


Hackers seek ransom after getting SSNs, banking info from state gov’t portal

Hackers trying to extort the Rhode Island government infiltrated the state’s public benefits system, causing state officials to shut down online services that let residents apply for Medicaid and other assistance programs.

“As part of this investigation today, we discovered that within the Rhode Island Bridges system, a cybercriminal had installed dangerous malware that constituted an urgent threat,” Governor Dan McKee said at a Friday night press conference, according to The Providence Journal. “That is why tonight we have shut down the system. That means customers will temporarily not be able to access any customer portal related to the services on Rhode Island Bridges.”

The vendor “Deloitte confirmed that there is a high probability that a cybercriminal has obtained files with personally identifiable information from RIBridges,” McKee’s office said in a press release. Rhode Island has “proactively taken the system offline so that the State and Deloitte can work to address the threat and restore the system as quickly as possible.”

The state decided to sign a new three-year contract with Deloitte in 2021 despite its earlier failure to build a stable system. RIBridges, originally called Unified Health Infrastructure Project (UHIP), launched in 2016 and “suffered from massive cost overruns before launch and catastrophic failures afterward,” WPRI wrote in 2021.

The hack disclosed on Friday has already inspired a class-action lawsuit against Deloitte. The lawsuit was filed in a federal court yesterday.

Many state programs impacted

Information obtained by hackers “may include names, addresses, dates of birth and Social Security numbers, as well as certain banking information,” the governor’s office said Friday, noting that analysis of the breach was not complete.

“To the best of our knowledge, any individual who has received or applied for health coverage and/or health and human services programs or benefits could be impacted by this leak,” the governor’s office said. This includes Medicaid, Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), Child Care Assistance Program (CCAP), health coverage purchased through HealthSource RI, Rhode Island Works (RIW), Long-Term Services and Supports (LTSS), and the General Public Assistance (GPA) Program.

An updates page said the state and Deloitte are still “focused on addressing the threat” and aren’t yet saying when the RIBridges system will be restored. “We understand this is an alarming situation for our customers. Current customers will not be able to log into their account through the portal or the mobile app while the system is offline… Rhode Islanders seeking to apply for benefits can still submit a paper application.”


Amazon facing strike threats as Senate report details hidden widespread injuries


“Obsessed with speed and productivity”

Amazon ignores strike threats, denies claims of “uniquely dangerous warehouses.”

Just as Amazon warehouse workers are threatening to launch the “first large-scale” unfair labor practices strike at Amazon in US history, Sen. Bernie Sanders (I-Vt.) released a report accusing Amazon of operating “uniquely dangerous warehouses” that allegedly put profits over worker safety.

As chair of the Senate Committee on Health, Education, Labor, and Pensions, Sanders started investigating Amazon in June 2023. His goal was “to uncover why Amazon’s injury rates far exceed those of its competitors and to understand what happens to Amazon workers when they are injured on the job.”

According to Sanders, Amazon “sometimes ignored” the committee’s requests and ultimately only supplied 285 documents requested. The e-commerce giant was mostly only willing to hand over “training materials given to on-site first aid staff,” Sanders noted, rather than “information on how it tracks workers, the quotas it imposes on workers, and the disciplinary actions it takes when workers cannot meet those quotas, internal studies on the connection between speed and injury rates, and the company’s treatment of injured workers.”

To fill in the gaps, Sanders’ team “conducted an exhaustive inquiry,” interviewing nearly 500 workers who provided “more than 1,400 documents, photographs, and videos to support their stories.” And while Amazon’s responses were “extremely limited,” Sanders said that the Committee was also able to uncover internal studies that repeatedly show that “Amazon chose not to act” to address safety risks, allegedly “accepting injuries to its workers as the cost of doing business.”

Perhaps most critically, key findings accuse Amazon of manipulating workplace injury data by “cherry-picking” data instead of confronting the alleged fact that “an analysis of the company’s data shows that Amazon warehouses recorded over 30 percent more injuries than the warehousing industry average in 2023.” The report also alleged that Amazon lied to federal regulators about injury data, discouraged workers from receiving outside care to hide injuries, and terminated injured workers while on approved medical leave.

“This evidence reveals a deeply troubling picture of how one of the largest corporations in the world treats its workforce,” Sanders reported, documenting “a corporate culture obsessed with speed and productivity.”

Amazon disputed Sanders’ report

In a statement, Amazon spokesperson Kelly Nantel disputed the report as “wrong on the facts.”

Sanders’ report allegedly “weaves together out-of-date documents and unverifiable anecdotes to create a pre-conceived narrative that he and his allies have been pushing for the past 18 months,” Nantel said. “The facts are, our expectations for our employees are safe and reasonable—and that was validated both by a judge in Washington after a thorough hearing and by the State’s Board of Industrial Insurance Appeals, which vacated ergonomic citations alleging a hazardous pace of work.”

Nantel said that Sanders ignored that Amazon has made “meaningful progress on safety—improving our recordable incident rates by 28 percent in the US since 2019, and our lost time incident rates (the most serious injuries) by 75 percent.”

But Sanders’ report anticipated this response, alleging that “many” workers “live with severe injuries and permanent disabilities because of the company’s insistence on enforcing grueling productivity quotas and its refusal to adequately care for injured workers.” Sanders said if Amazon had compelling evidence that refuted workers’ claims, the company failed to produce it.

“Although the Committee expects Amazon will dispute the veracity of the evidence those workers provided, Amazon has had eighteen months to offer its own evidence and has refused to do so,” Sanders reported.

Amazon Labor Union preparing to strike

In August, the National Labor Relations Board (NLRB) determined that Amazon is a joint employer of contracted drivers hired to ensure the e-commerce giant delivers its packages when promised. The Amazon Labor Union (ALU)—which nearly unanimously voted to affiliate with the International Brotherhood of Teamsters this summer—considered this a huge win after Amazon had long argued that it had no duty to bargain with driver unions and no responsibility for alleged union busting.

Things seemed to escalate quickly after that, with the NLRB in October alleging that Amazon illegally refused to bargain with the union, which reportedly represents thousands of drivers who are frustrated by what they claim are low wages and dangerous working conditions. As the NLRB continues to seemingly side with workers, Amazon allegedly is “teaming up with Elon Musk in a lawsuit to get the NLRB declared unconstitutional,” workers said in an email campaign reviewed by Ars.

Now, as the holidays approach and on-time deliveries remain Amazon’s top priority, the ALU gave the tech company until Sunday to come to the bargaining table or else “hundreds of workers are prepared to go on strike” at various warehouses. In another email reviewed by Ars, the ALU pushed for donations to support workers ahead of the planned strike.

“It’s one of the busiest times of year for Amazon,” the email said. “The threat of hundreds of workers at one of its busiest warehouses walking out has real power.”

In a statement provided to Ars, Amazon spokesperson Eileen Hards said that Sanders refused to visit Amazon facilities to see working conditions “firsthand” and instead pushed a “pre-conceived narrative” that Amazon claims is unsupported. Her statement also seemed to suggest that Amazon isn’t taking the threat of workers striking seriously, alleging that the ALU also pushes a “false narrative” by supposedly exaggerating the number of workers who have unionized. (Amazon’s full statement disputing Sanders’ claims in-depth is here.)

“For more than a year now, the Teamsters have continued to intentionally mislead the public—claiming that they represent ‘thousands of Amazon employees and drivers,’” Hards said. “They don’t, and this is another attempt to push a false narrative. The truth is that the Teamsters have actively threatened, intimidated, and attempted to coerce Amazon employees and third-party drivers to join them, which is illegal and is the subject of multiple pending unfair labor practice charges against the union.”

Workers seem unlikely to be quieted by such statements, telling Sanders that Amazon allegedly regularly ignores their safety concerns, orders workers to stay in roles causing them pain, denies workers’ medical care, and refuses to accommodate disabilities. Among the support needed for workers preparing to walk out are medical care and legal support, including “worker retaliation defense funds,” the union’s campaign said.

While Amazon seemingly downplays the number of workers reportedly past their breaking point, Sanders alleged that the problem is much more widespread than Amazon admits. According to his report, Amazon workers over “the past seven years” were “nearly twice as likely to be injured as workers in warehouses operated by the rest of the warehousing industry,” and “more than two-thirds of Amazon’s warehouses have injury rates that exceed the industry average.”

Amazon allegedly refuses to accept these estimates, even going so far as repeatedly claiming that “worker injuries were actually the result of workers’ ‘frailty’ and ‘intrinsic likelihood of injury,’” Sanders reported, rather than due to Amazon’s fast-paced quotas.

Laws that could end Amazon’s alleged abuse

On top of changes that Amazon could voluntarily make internally to allegedly improve worker safety, Sanders recommended a range of regulatory actions to force Amazon to end the allegedly abusive practices.

Among solutions is a policy that would require Amazon to disclose worker quotas that allegedly “force workers to move quickly and in ways that cause injuries.” Such transparency is required in some states but could become federal law, if the Warehouse Worker Protection Act passes.

And likely even more impactful, Sanders pushed to pass the Protecting America’s Workers Act (PAWA), which would increase civil monetary penalties for violations of worker safety laws.

In his report, Sanders noted that Amazon is much too big to be held accountable by current maximum penalties for workplace safety violations, which are just over $16,000. Penalties for 50 violations for one two-year period were just $300,000, Sanders said, which was “approximately 1 percent of Amazon CEO Andy Jassy’s total compensation in 2023.”

Passing PAWA would spike the maximum penalty for willful and repeated violations to $700,000 and is necessary, Sanders advocated, to “hold Amazon accountable for its failure to protect its workers.”

Additional legal protections that Congress could pass to protect workers include laws protecting workers’ rights to organize, banning Amazon from disciplining workers based on automated systems allegedly “prone to errors,” and ending Amazon’s alleged spying, partly by limiting worker surveillance.

In his report, Sanders suggested that his findings align with workers’ concerns that have become “the basis of efforts to organize warehouses in New York, Kentucky, Florida, Alabama, Missouri, and beyond.” And as many workers seem ready to strike at Amazon’s busiest time of year, instead of feeling optimistic that Amazon will bargain with workers, they’re bracing for suspected retaliation and planning to hit Amazon where it hurts most—the e-commerce giant’s bottom line.

In an email Monday, the campaign suggested that “Amazon only speaks one language, and that’s money.”

“We’re ready to withhold our labor if they continue to ignore their legal obligation to come to the table,” the email said, noting that when it comes to worker well-being, “our message is clear: We can’t wait anymore.”

Ashley is a senior policy reporter for Ars Technica, dedicated to tracking social impacts of emerging policies and new technologies. She is a Chicago-based journalist with 20 years of experience.
